2

After some research, I didn't find any solutions. So I post here.

My goal: redirected the HTTPs traffic from my custom program to BurpSuite in order to analyse the server response and debug my program.

  • I have Debian 4.4.3
  • I have two network interfaces : eth0 and tap0, I work on tap0.
  • I have a php program that just send an HTTPS request to a local server (tap0). My php code use CURL to send the request (curl_init(), curl_setopt() etc.)

In a debugging goal, I have thought to send my flows via BurpSuite in order to see the HTTPS requests. So:

  • I launch Burp that listen on all interfaces port 8080

  • I configure /etc/proxychains.conf and in my ProxyList there are:

    socks4 127.0.0.1 8080
socks5 127.0.0.1 8080
socks4 XX.XX.XX.217 8080
socks5 XX.XX.XX.217 8080

And when I use proxychains:

prochychains php myProgramme.php

My program is executed but proxychains doesn't "proxify" the flow and so Burp doesn't see nothing...

I think that's because I am in my local network ?

What do you think about the best solution to intercept and see the HTTPS flows to my php program ?

Venux
  • 21
  • 2
  • What do you want to see on your connection? You can get a lot of the data including headers with a debugger in your browser. Response times can often be logged in the access log. – BillThor Jul 18 '16 at 01:04
  • Yes I know but I want to see the behaviour of my php code, especially the CURL options. – Venux Jul 18 '16 at 20:15

1 Answers1

0

this is how u should configure. this is for kali linux and burpsuite is preinstalled.

once u set up the burpsuite, u can use default values but the only thing is keep intercept off on burpsuite. if u click on proxy and u will see 4 tabs and intercept should be off.

first thing we want mozilla connect to the internet through burpsuite. so go to mozilla preferences>general, scroll down all the way to "network Proxy". click on settings and check "manual proxy configuration". u will see 4 fields each has port box. so for all of the fields type "127.0.0.1" and for all of the port boxes "8080". by default under those fields SOCKSv5 should be checked if not check it.

this was the first step and now we can connect only http websites. for https websites u should see "connection is not secure"(something like that). we have to install burpsuite CA certificate. go to http://burpsuite/ and on the right side click on CA Certificate and download it.

for final step we have to import this certificate to mozilla. So mozilla will recognize burpsuite as a trusted proxy source. Make sure your suit is running.go to mozilla preferences, on the left click on privacy and security, then scroll all the way down to certificates. click on browse and u will be directed to browse the downloaded ca certificate file. import it click, u will see a modal pop ups, select both the options and then ok. u r good to go

Yilmaz
  • 289
  • 1
  • 4
  • 22